-----------------------------------------------------------
This is an automatically generated e-mail. To reply, visit:
https://reviews.apache.org/r/74142/#review224759
-----------------------------------------------------------


agents-common/src/main/java/org/apache/ranger/plugin/contextenricher/externalUserStoreRetrievers/GetBearerToken.java
Lines 19 (patched)
<https://reviews.apache.org/r/74142/#comment313554>

    By convention, package names are in all lowercase letters. Consider renaming this package to "externalretrievers".


agents-common/src/main/java/org/apache/ranger/plugin/contextenricher/externalUserStoreRetrievers/GetBearerToken.java
Lines 41 (patched)
<https://reviews.apache.org/r/74142/#comment313556>

    How about using the gson object instantiated at #32, instead of instantiating it for every call to getBearerToken()?


agents-common/src/main/java/org/apache/ranger/plugin/contextenricher/externalUserStoreRetrievers/GetBearerToken.java
Lines 48 (patched)
<https://reviews.apache.org/r/74142/#comment313536>

    Ranger libraries use the HttpClient library for HTTP calls - https://hc.apache.org/httpcomponents-client-4.5.x/index.html#. To avoid an additional dependency on the unirest libraries, I suggest using the HttpClient library.


agents-common/src/main/java/org/apache/ranger/plugin/contextenricher/externalUserStoreRetrievers/HandleSecrets.java
Lines 34 (patched)
<https://reviews.apache.org/r/74142/#comment313544>

    Static members encodedSecrets and decodedSecrets are unused. Please review and remove.


agents-common/src/main/java/org/apache/ranger/plugin/contextenricher/externalUserStoreRetrievers/pom.xml
Lines 18 (patched)
<https://reviews.apache.org/r/74142/#comment313535>

    Is this pom.xml file necessary? Please review and remove if unused.


- Madhan Neethiraj


On Sept. 26, 2022, 7:17 p.m., Barbara Eckman wrote:
>
> -----------------------------------------------------------
> This is an automatically generated e-mail. To reply, visit:
> https://reviews.apache.org/r/74142/
> -----------------------------------------------------------
>
> (Updated Sept. 26, 2022, 7:17 p.m.)
>
>
> Review request for ranger and madhan.
>
>
> Bugs: Ranger-3855
>     https://issues.apache.org/jira/browse/Ranger-3855
>
>
> Repository: ranger
>
>
> Description
> -------
>
> RangerExternalUserStoreRetriever class Ranger-3855
>
> Ranger version 3.0.0 provides a means, via a context enricher, to add or
> retrieve attributes to the database of users for whom Ranger controls access.
> This permits syntax like "Dumbo" in $USER.aliases in any Ranger policy
> condition, including row and tag filters. This greatly enhances the ability
> to provide custom Attribute-based Access Control based on the specific
> business needs of one's organization.
>
> I believe that the original assumption was that such attributes would be
> added to AD/LDAP and enter Ranger via regular user syncs. However, this
> process does not currently work with Azure AD, which many organizations use.
> Neither does it provide timely support for organizations for whom adding each
> new attribute to AD would be subject to prolonged scrutiny by overworked
> security teams.
>
> In the spirit of the RangerAdminUserStoreRetriever context enricher, we have
> written a RangerExternalUserStoreRetriever class which adds arbitrary
> attributes to Ranger users via external API calls, thus freeing additions to
> the UserStore from dependency on AD/LDAP. We have also written a
> RangerRoleUserStoreRetriever class, which transforms role membership into
> user attributes, for ease of use in complex policy conditions.
>
>
> Diffs
> -----
>
>   agents-common/src/main/java/org/apache/ranger/plugin/contextenricher/externalUserStoreRetrievers/GetBearerToken.java PRE-CREATION
>   agents-common/src/main/java/org/apache/ranger/plugin/contextenricher/externalUserStoreRetrievers/GetFromDataFile.java PRE-CREATION
>   agents-common/src/main/java/org/apache/ranger/plugin/contextenricher/externalUserStoreRetrievers/GetFromURL.java PRE-CREATION
>   agents-common/src/main/java/org/apache/ranger/plugin/contextenricher/externalUserStoreRetrievers/HandleSecrets.java PRE-CREATION
>   agents-common/src/main/java/org/apache/ranger/plugin/contextenricher/externalUserStoreRetrievers/LICENSE PRE-CREATION
>   agents-common/src/main/java/org/apache/ranger/plugin/contextenricher/externalUserStoreRetrievers/NOTICE PRE-CREATION
>   agents-common/src/main/java/org/apache/ranger/plugin/contextenricher/externalUserStoreRetrievers/README.md PRE-CREATION
>   agents-common/src/main/java/org/apache/ranger/plugin/contextenricher/externalUserStoreRetrievers/RangerExternalUserStoreRetriever.java PRE-CREATION
>   agents-common/src/main/java/org/apache/ranger/plugin/contextenricher/externalUserStoreRetrievers/RangerRoleUserStoreRetriever.java PRE-CREATION
>   agents-common/src/main/java/org/apache/ranger/plugin/contextenricher/externalUserStoreRetrievers/TokenInputs.java PRE-CREATION
>   agents-common/src/main/java/org/apache/ranger/plugin/contextenricher/externalUserStoreRetrievers/pom.xml PRE-CREATION
>   plugin-nestedstructure/README.md ea878f6a2
>
>
> Diff: https://reviews.apache.org/r/74142/diff/1/
>
>
> Testing
> -------
>
>
> Thanks,
>
> Barbara Eckman
>
>